diff options
Diffstat (limited to 'main/gdk-pixbuf/CVE-2017-6312.patch')
| -rw-r--r-- | main/gdk-pixbuf/CVE-2017-6312.patch | 25 |
1 files changed, 0 insertions, 25 deletions
diff --git a/main/gdk-pixbuf/CVE-2017-6312.patch b/main/gdk-pixbuf/CVE-2017-6312.patch deleted file mode 100644 index 3cd9bbe757..0000000000 --- a/main/gdk-pixbuf/CVE-2017-6312.patch +++ /dev/null @@ -1,25 +0,0 @@ ---- a/gdk-pixbuf/io-ico.c -+++ a/gdk-pixbuf/io-ico.c -@@ -330,10 +330,8 @@ static void DecodeHeader(guchar *Data, gint Bytes, - return; - } - -- /* We know how many bytes are in the "header" part. */ -- State->HeaderSize = entry->DIBoffset + INFOHEADER_SIZE; -- -- if (State->HeaderSize < 0) { -+ /* Avoid invoking undefined behavior in the State->HeaderSize calculation below */ -+ if (entry->DIBoffset > G_MAXINT - INFOHEADER_SIZE) { - g_set_error (error, - GDK_PIXBUF_ERROR, - GDK_PIXBUF_ERROR_CORRUPT_IMAGE, -@@ -341,6 +339,9 @@ static void DecodeHeader(guchar *Data, gint Bytes, - return; - } - -+ /* We know how many bytes are in the "header" part. */ -+ State->HeaderSize = entry->DIBoffset + INFOHEADER_SIZE; -+ - if (State->HeaderSize>State->BytesInHeaderBuf) { - guchar *tmp=g_try_realloc(State->HeaderBuf,State->HeaderSize); - if (!tmp) { |